View
237
Download
0
Category
Preview:
Citation preview
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
1/15
SNIFFERS, SNIFFING, SPOOFINGANDVULNERABLEPROTOCOL
Submittted to Submitted by
Prof. Piyush Shukla Prashant Sharma
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
2/15
CONTENTS
Sniffers
Spoofing
Forms of spoofing
Sniffing Types of sniffing tools
Sniffing method
Vulnerable protocol
Cross site scripting
SQL injection
bibliography
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
3/15
SNIFFERS
Sniffers or packet analyzer is computer programor piece of hardware that can intercept or logtraffic passing over a digital network or part of anetwork
Packet travels across the network so snifferdecodes each packet
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
4/15
SPOOFING
Action that make an electronic transmission appearto originate from where that it does not
Spoofing is the process of creating TCP/IP packetusing somebody else IP address
Spoofing can be used to steal important update
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
5/15
FORMSOFSPOOFING
IP spoofing It is act of manipulating the header ina transmitted message to mask a hackers trueidentity
URL spoofing It occurs when one websiteappear as it is another. The URL appear is not thereal URL of website
Email spoofing It is act of altering the header ofan Email so that email appears to be sent fromsome one else
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
6/15
SNIFFING
Sniffing is the technique of monitoring every packetthat cross the network
Wire shark is an example of a sniffing tool use forsniffing
Theoretically it is impossible to detect sniffing tool
because they are passive in nature
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
7/15
TYPESOFSNIFFINGTOOL
Commercial packet sniffer They help to maintainnetwork by analysis bottleneck and intrusiondetection to monitor for attack
Underground packet sniffer They are used by theattackers to gain unauthorized access
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
8/15
SNIFFINGMETHODS
IP based sniffing It is the original form of snipping. It work by putting machine into promiscuous modeand sniffing all packets matching the IP addressfilter
MAC based sniffing It works by putting themachine in promiscuous mode and matching allpackets with MAC address filter
Suitable for non switched network
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
9/15
..
ARP based sniffing It does not put network cardin promiscuous mode because ARP protocol isstateless.
Sniffing can be done in switched network
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
10/15
VULNERABLEPROTOCOL
Protocols implemented in TCP/IP model layers arevulnerable
Example of these kind of vulnerabilities are
1. cross site scripting
2. SQL injection
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
11/15
CROSSSITESCRIPTING
It is an security vulnerability in which one site say Acan create a program (or script) that they can trickyou running on another site B
It is of two types
1. Persistence
2. Non persistence
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
12/15
SQL INJECTION
This is the case of command injection
Used in e-commerce and database applications
In database it is possible to construct a valid SQLstatement that is significantly different from desiredcommand and execute query that are intended
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
13/15
EXAMPLEOFSQLINJECTION
SELECT * FROM OrdersTable WHERE ShipCity ='Redmond'
assume that the user enters the following:
Redmond'; drop table OrdersTable-- In this case, the following query is assembled by
the script:
SELECT * FROM OrdersTable WHERE ShipCity =
'Redmond';drop table OrdersTable--
7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
14/15
BIBLIOGRAPHY
www.howstuffworks.com
www.wikipedia.org
www.traffeng.net
www.netsecure.edu Computer network by Kurose and Ross
http://www.howstuffworks.com/http://www.wikipedia.org/http://www.traffeng.net/http://www.netsecure.edu/http://www.netsecure.edu/http://www.traffeng.net/http://www.wikipedia.org/http://www.howstuffworks.com/7/31/2019 Sniffers, Sniffing, Spoofing and Vulnerable Protocol
15/15
Recommended